Subject: Re: pkg_delete "Executing" output
To: Alistair Crooks <agc@pkgsrc.org>
From: Julio M. Merino Vidal <jmmv84@gmail.com>
List: tech-pkg
Date: 02/09/2005 16:01:18

On Wed, 2005-02-09 at 14:46 +0000, Alistair Crooks wrote:

> The reason for this is one of security.  For almost all users, these
> commands are run as the root user; the commands are taken from a file
> in the filesystem hierarchy (which is not itself checksummed).  From a
> security POV, I want to know what commands are being run, even if you
> don't want to, because files can be modified, made to point to
> additional scripts, etc.

But still, the INSTALL and DEINSTALL scripts are executed and they can
do whatever they want while being completely silent, can't they?  In that
case, they could do the same harm as @exec/@unexec lines could...
Am I wrong?

-- 
Julio M. Merino Vidal <jmmv84@gmail.com>
http://www.livejournal.com/users/jmmv/
The NetBSD Project - http://www.NetBSD.org/
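
An added example, not part of the original message or of the pkg tools: a small review script that lists both kinds of root-run code discussed above, the @exec/@unexec lines in a packing list and any install/deinstall scripts beside it. It assumes a package metadata directory holding +CONTENTS, +INSTALL and +DEINSTALL files; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list everything in a package's metadata directory that the
# pkg tools would run as root. The directory layout is an assumption.

# Print "@exec"/"@unexec" lines from +CONTENTS as "<line number>:<line>".
list_exec_lines() {
    awk '$1 == "@exec" || $1 == "@unexec" { print NR ":" $0 }' "$1/+CONTENTS"
}

# Print the names of the install/deinstall scripts present in the directory.
list_scripts() {
    for s in +INSTALL +DEINSTALL; do
        [ -f "$1/$s" ] && echo "$s"
    done
    return 0
}

# Full report, for review before running pkg_add or pkg_delete.
audit_pkg() {
    echo "== commands from +CONTENTS =="
    list_exec_lines "$1"
    echo "== scripts that run without echoing their commands =="
    for s in $(list_scripts "$1"); do
        echo "$s ($(wc -l < "$1/$s" | tr -d ' ') lines)"
    done
}

# Constructed sample metadata, not taken from a real package.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/+CONTENTS" <<'EOF'
@name example-1.0
@cwd /usr/pkg
bin/example
@exec echo installed
@unexec rm -f /var/run/example.pid
EOF
    printf '#!/bin/sh\nexit 0\n' > "$d/+DEINSTALL"
    echo "$d"
}

sample=$(make_sample) && audit_pkg "$sample" && rm -rf "$sample"
```

The listing only shows what would run; reviewing the script bodies themselves is still a manual step.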